So this is my configuration (simplified for the sake of simplicity):
Setup:
I have two DCs (numbered list for reference):
1. DC=one,DC=company,DC=com
2. DC=two,DC=company,Dc=com
In each of them I have a few groups:
1. DC=one,DC=company,DC=com
   - one.company.com\some\folder\group1
   - one.company.com\some\other\folder\group2
   - one.company.com\some\different\folder\here\group3
2. DC=two,DC=company,Dc=com
   - two.company.com\some\folder\group4
   - two.company.com\some\other\folder\group5
Then group1 is a member of:
- one.company.com\some\other\folder\group2
- one.company.com\some\different\folder\here\group3
- two.company.com\some\folder\group4
So group1 exists in the one.company.com DC and is a member of groups that exist in both DCs: one.company.com and two.company.com.
Question
I'm trying to figure out how I can query AD for group1 and get all of the groups which it is a memberOf across all the DCs?
This is the result of various LDAP calls I've tried:
1. <LDAP://DC=one,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree - returns the 2 groups in one.company.com but not the group in two.company.com
2. <LDAP://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree - error (as expected)
3. <GC://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree - returns the 1 group in two.company.com but not the groups in one.company.com (but not sure why)
4. <GC://DC=corp,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree - returns the 1 group in two.company.com but not the groups in one.company.com (but not sure why)